[Openid-specs-mobile-profile] Mobile Profile WG Call March 22nd 2017 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Thu Mar 23 09:17:17 UTC 2017

Dear all,

Please find below the preliminary minutes of our call on March 22nd 2017.
Let me know of any error or misunderstanding

Participants:   John, Bjorn, Keith, Nicolas, Philippe, Siva, Charles, axel

1-      CPAS-MODRNA joint call debrief
2-      FAPI/Banking Use Case
3-      Continue discussion on asynchronous/synchronous modes and user consent/authentication for token retrieval
4-      Proposal from Orange UQ
5-      AOB

1-      CPAS-MODRNA joint call debrief
Reminder of next meeting (Monday March 27th 2pm UTC (3pm CET)
Reminder of frequency: monthly on Tuesdays 2pm UTC (beware of next DST switch)
1st draft of prioritised item sent to the CPAS/MODRNA basecamp list for comments and suggestions. Discussions on the presence of Ciba, UQ, authorization on this list.
==>     All participants to comment the list or suggest updates.
Participants of the call are subscribed to the new basecamp MODRNA/CPAS, please contact Siva or Gautam if not the case.

2-      FAPI/Banking Use Case
Call flows are not available yet, could take more time to obtain.

3-      Continue discussion on asynchronous/synchronous modes and user consent/authentication for token retrieval
Discussion regarding UK cases, JWT assertions, UQ, back and front channel ways to obtain the access token.
The device flow approach can be correlated to that. Depending on the fact the user could intervene in the loop, pushing or polling modes could be addressed for the AT provision.
Orange presents a first draft with a proposed approach to update the RFC7523 spec.
One idea could be to update the JWT assertion flows to accommodate asynchronous mode. Another one is to use UQ to push the user code for confirmation in the device flow. In any case we consider that there is no user agent in the (device to AS) flow.
Work on progress to find the best approach (Orange)
==>     Orange to push the XML format to the list for comments.
Question raised whether one or two endpoints are concerned at the AS, depending on the fact the user is concerned or not.
A suggestion is presented to adapt device flow to make it synchronous, in case of no interaction with the user occurs.
There is a consensus to admit we have an opportunity for alignment with the device spec.

4-      AOB
Discussion about an operator (Russian?) wanting to have a back channel AT retrieval from a mobile application

Kind regards,

   Please join my meeting, Sep 24, 2015 at 10:00 AM EDT.  https://global.gotomeeting.com/join/927253461<https://global.gotomeeting.com/join/764054389>
2.      Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

United States: +1 (626) 521-0013
Australia: +61 2 8355 1034
Austria: +43 (0) 7 2088 1036
Belgium: +32 (0) 28 08 9460
Canada: +1 (647) 497-9376
Denmark: +45 (0) 89 88 03 61
Finland: +358 (0) 942 45 0382
France: +33 (0) 170 950 586
Germany: +49 (0) 811 8899 6931
Ireland: +353 (0) 15 255 598
Italy: +39 0 694 80 31 28
Netherlands: +31 (0) 208 084 055
New Zealand: +64 (0) 9 887 3469
Norway: +47 23 96 01 18
Spain: +34 932 20 0506
Sweden: +46 (0) 840 839 467
Switzerland: +41 (0) 435 0824 78
United Kingdom: +44 (0) 330 221 0098

Access Code: 764-054-389
Audio PIN: Shown after joining the meeting

Meeting ID: 927-253-461
Online Meetings Made Easy(r)

Not at your computer? Click the link to join this meeting from your iPhone(r), iPad(r), Android(r) or Windows Phone(r) device via the GoToMeeting app.

  << Fichier: ATT00001.txt >>


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170323/6f97713d/attachment.html>

More information about the Openid-specs-mobile-profile mailing list